<?php
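	// Resume the session so the login marker set at sign-in can be checked.
	session_start();

	// Access control for this handler. header() only queues a response header;
	// it does not stop execution. Without the exit below, an unauthenticated
	// request would still run every statement that follows in this file
	// (including the tbl_login / x_fieldvalue writes) before the redirect is sent.
	if (!isset($_SESSION['sesi_login'])) {
		header("Location:../../index.php");
		exit;
	}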

	// Bootstrap: resolve the application root and load the shared libraries.
	// The statements below depend on each other's side effects, so their order matters.

	// Move the working directory two levels up. The @ suppresses any chdir()
	// warning; if chdir() fails the working directory is unchanged and ABS_URL
	// below is computed from the original directory instead.
	@chdir("../../");
	// ABS_URL = current working directory with backslashes replaced by forward slashes.
	define('ABS_URL',str_replace("\\","/",getcwd()));
	require ABS_URL.'/engine/Smarty.class.php';
	require ABS_URL."/functions/class.query.inc.php";
	$smarty = new Smarty();
	// NOTE(review): presumably opens the MySQL link that the mysql_query() calls
	// later in this file rely on — confirm in dev_con.inc.php.
	require ABS_URL."/dev_con.inc.php";
	require ABS_URL."/functions/func_file.php";
	$queryData = new queryData();
	$queryData->baseConfig();
	require ABS_URL."/functions/func_content.php";
	// BASE_LANGUAGE is not defined in this file and becomes part of a require path.
	// NOTE(review): confirm it can only come from trusted configuration and never
	// from request data, otherwise these two includes become a file-inclusion risk.
	require ABS_URL."/langs/".BASE_LANGUAGE.'.inc.php';
	// Module-local language file, resolved relative to this script's own directory.
	require $queryData->get_curr_dir(dirname(__FILE__))."/langs/".BASE_LANGUAGE.'.inc.php';

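	// ---- Profile / password change handler ---------------------------------
	// Validates the submitted form, verifies the current password against
	// tbl_login, then updates the alias, the password and the per-user detail
	// fields. The outcome message is stored in $_SESSION['sesi_ver'].

	// Read the form fields. A missing or non-string field becomes "" instead of
	// raising a notice / passing an array into strip_tags().
	// strip_tags() is not SQL escaping: it leaves quotes untouched, so every value
	// is additionally escaped right before it is placed into a query below.
	// NOTE(review): strip_tags()/trim() also alter the password text itself; this is
	// kept so the computed hash stays consistent with however the login code derives
	// it — confirm against the login handler.
	$nama_alias = (isset($_POST['alias']) && is_string($_POST['alias'])) ? trim(strip_tags($_POST['alias'])) : "";
	$passbefo = (isset($_POST['katakuncisebelum']) && is_string($_POST['katakuncisebelum'])) ? trim(strip_tags($_POST['katakuncisebelum'])) : "";
	$passtbl_login = (isset($_POST['katakunci']) && is_string($_POST['katakunci'])) ? trim(strip_tags($_POST['katakunci'])) : "";
	$passlagi = (isset($_POST['katakuncilagi']) && is_string($_POST['katakuncilagi'])) ? trim(strip_tags($_POST['katakuncilagi'])) : "";
	// Not used anywhere else in this script.
	$tanggal = date("Y-m-d H-i-s");

	// The account being edited always comes from the session, never from the
	// form: the posted 'kode' only has to be numeric for the request to proceed.
	$kode = "";
	if (isset($_POST['kode']) && is_numeric($_POST['kode']) && isset($_SESSION['id_char'])) {
		$kode = $_SESSION['id_char'];
	}

	// Escape every value that is concatenated into SQL. The file uses the legacy
	// mysql_* API, which has no bound parameters, so escaping is the only option
	// available without changing the shared connection code.
	// NOTE(review): mysql_real_escape_string() is only reliable when the connection
	// charset was set with mysql_set_charset(); that is not visible here — confirm
	// in dev_con.inc.php.
	$q_alias = mysql_real_escape_string($nama_alias);
	$q_passbefo = mysql_real_escape_string($passbefo);
	$q_kode = mysql_real_escape_string((string) $kode);

	// Verify the current password for the session's user.
	$sql = "SELECT * FROM tbl_login WHERE passuser=md5('".$q_passbefo."') AND id_user='".$q_kode."'";
	$qry = mysql_query($sql);
	// A failed query counts as "no match" rather than being passed to mysql_num_rows().
	$row = $qry ? (int) mysql_num_rows($qry) : 0;

	if ($nama_alias === "") {
		$_SESSION['sesi_ver'] = "Nama Lengkap Harus dimasukkan.";
	} elseif ($row !== 1) {
		$_SESSION['sesi_ver'] = "Kata Kunci saat ini Tidak sesuai. Silahkan Masukkan Kata Kunci Saat ini untuk Mengubah Data.";
	} elseif ($passtbl_login !== $passlagi) {
		// Strict comparison: with loose comparison two different numeric-looking
		// strings (e.g. "1e3" and "1000") are treated as equal.
		$_SESSION['sesi_ver'] = "Verifikasi kata kunci tidak sesuai dengan Kata Kunci Baru. Silahkan Perbaiki data.";
	} elseif (isset($_POST['status']) && $_POST['status'] === "edit") {

		// Keep the current password when no new one was entered.
		// NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
		// password_hash()/password_verify() changes the stored format and therefore
		// has to be done together with the login check, which lives outside this file.
		$pass = ($passtbl_login !== "") ? md5($passlagi) : md5($passbefo);

		// $pass is a hex digest, so it is safe to place into the statement as is.
		$sql = "UPDATE tbl_login SET alias='".$q_alias."', passuser='".$pass."' WHERE id_user='".$q_kode."'";
		$qry = mysql_query($sql);

		// Store one value per configured 'detail_user' field.
		$sqlQ = "SELECT * FROM x_field WHERE tipe='detail_user'";
		$qryQ = mysql_query($sqlQ);
		if ($qryQ) {
			$arr_find = array(" ","/");
			$arr_replace = array("_","_");
			while ($rowQ = mysql_fetch_object($qryQ)) {
				// Form field name derived from the configured field name.
				$name_form = str_replace($arr_find,$arr_replace,strtolower($rowQ->fieldname));
				// The field name comes from the database, not the request, but it is
				// still data and is escaped before reuse in a statement.
				$q_name_form = mysql_real_escape_string($name_form);
				// Submitted value for this field; absent or non-string values are stored as "".
				$field_value = (isset($_POST[$name_form]) && is_string($_POST[$name_form])) ? $_POST[$name_form] : "";
				$q_field_value = mysql_real_escape_string($field_value);

				$rowS = $queryData->selek1("x_fieldvalue","`tipe`='detail_user' AND `fieldname`='".$q_name_form."' AND id_user='".$q_kode."'");

				// No existing row for this user/field: insert, otherwise update in place.
				if (!is_object($rowS) || $rowS->id_user=="") {
					$sqlD = "INSERT INTO x_fieldvalue VALUES(NULL,'detail_user','".$q_name_form."','".$q_field_value."','".$q_kode."')";
					$qryD = mysql_query($sqlD);
				} else {
					$sqlD = "UPDATE x_fieldvalue SET fieldvalue='".$q_field_value."' WHERE `tipe`='detail_user' AND `fieldname`='".$q_name_form."' AND id_user='".$q_kode."'";
					$qryD = mysql_query($sqlD);
				}
			}
		}

		$_SESSION['sesi_ver'] = "Data anda telah berhasil diubah.";
	}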
		
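	// Final redirect: logged-in users go back to the admin view they came from,
	// everyone else goes to the local index page.
	if (isset($_SESSION['sesi_login'])) {
		// 'showview' is request data echoed into a response header. It is URL-encoded
		// so it stays a single query-string value and cannot add extra parameters or
		// header content; a missing or non-string value becomes an empty string.
		$showview = (isset($_GET['showview']) && is_string($_GET['showview'])) ? $_GET['showview'] : "";
		header("Location:../../index.php?show=admin&showview=".urlencode($showview));
	} else {
		header("Location:index.php");
	}
	// Nothing else should be sent after the redirect header.
	exit;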

?>
